Prepare for your smart contract audit with confidence. Use this great opportunity to clean up and take care of the code and overall smart contract security.
What is a smart contract audit?
A smart contract security audit is a security checklist-based review conducted by experienced smart contract auditors to ensure that the smart contract is secure, efficient, and functions as intended.
The smart contract audit involves testing the contract's behavior in different scenarios and looking for potential security vulnerabilities or bugs. The goal is to identify any problems and code errors with the smart contract and provide recommendations in the form of an audit report for fixing them, helping to ensure the smart contract is reliable and can be trusted by users.
By conducting a smart contract audit, organizations can improve the security and trustworthiness of their smart contracts, ensuring that they operate as intended and are not vulnerable to attack.
Why is it worth preparing for a smart contract audit?
Smart contract audits are always the best-effort, a balance between the cost on the client's side and the best possible performance of smart contract auditor work. During the audit process, we need to estimate how long it will take us to thoroughly understand the project and verify the potential vulnerabilities and threats.
The more readable and structured your smart contract code is, the easier to understand and the better our estimate can be.
Another very helpful source of information for smart contract auditors is documentation. It is really worth updating the white paper and preparing high-level design diagrams that describe the flow of information going through your protocol.
This can really cut smart contract audit costs on your side. Especially when we don't have to spend a lot of time figuring out how something is supposed to work and describing in the audit report basic security issues that you can easily prevent yourself.
Besides, the smart contract code is like your business card. By paying attention to details, you will gain much more trust from users and protect them from security vulnerabilities and costly errors.
Smart contract audit readiness checklist
Go through this checklist, and you will definitely improve the quality and security of your code.
| Composable Security - quick audit readiness checklist | |||
|---|---|---|---|
| ID | TASK | RESPONSIBLE PERSON | STATUS |
| 1. Code Clarity | |||
| 1.1 | I have deleted unused code snippets and old comments. | ||
| 1.2 | I have added 1-2 sentences describing the purpose of each of the smart contracts at the top. | ||
| 1.3 | I have described each variable. | ||
| 1.4 | I followed a code style that was consistent throughout the codebase. | ||
| 1.5 | I made sure that the variables were named in a way that corresponds to their purpose and that they are easy to understand. | ||
| 2. Documentation | |||
| 2.1 | I described the roles in the project and what they should have access to. | ||
| 2.2 | I have described the main user's business flow in detail. | ||
| 2.3 | I have created high-level diagrams of the protocol. | ||
| 2.4 | I have updated the white paper. | ||
| 2.5 | I briefly described the plans for the potential expansion of the project. | ||
| 3. Materials for auditors | |||
| 3.1 | I created a separate GitHub branch for auditing with files from defined scope (and froze the code). | ||
| 3.2 | I provided reports from previous audits. | ||
| 3.3 | I sent the auditors the documentation of our project (e.g. white paper, architecture diagram, flow diagrams). | ||
| 4. Automated tools | |||
| 4.1 | I ran the slither with default settings and handled the reported bugs. | ||
| 4.2 | I launched solidity-coverage to confirm excellent coverage. | ||
| 5. Final checks | |||
| 5.1 | I compiled the code and ran tests from the audit branch in a fresh environment. | ||
Congratulations
If you have gone through the checklist, you are ready for the smart contract audit.
You did a great job, now it's our turn - Contact us to request an audit and increase your smart contract security.
About the author
Co-author of SCSVS and White Hat. Professionally dealing with security since 2017 and since 2019 contributing to the crypto space. Big DeFi fan and smart contract security researcher.
